Enabling support for TLS-verified mysql server by g-saransh · Pull Request #84 · prestodb/pbench

g-saransh · 2026-03-31T01:00:50Z

This PR adds support for simple TLS-verified mysql server. By default, it maintains the original behavior of disabling TLS verification.

Add the following fields in mysql.json for TLS,

"tls": true,
"caCertPath": "/path/to/CA/certificate"

yabinma · 2026-04-01T09:35:35Z

-		if db, err := sql.Open("mysql", fmt.Sprintf("%s:%s@tcp(%s)/%s?parseTime=true",
-			mySQLCfg.Username, mySQLCfg.Password, mySQLCfg.Server, mySQLCfg.Database)); err != nil {
+		if db, err := sql.Open("mysql", fmt.Sprintf("%s:%s@tcp(%s)/%s?tls=%t&parseTime=true",
+			mySQLCfg.Username, mySQLCfg.Password, mySQLCfg.Server, mySQLCfg.Database, mySQLCfg.Tls)); err != nil {


"Note: the corresponding CA certificate should be added to the system's trust store for TLS verification to work." Agree. It has to add the CA in the system truststore. It's possible to add a complete solution so that customized CA can be specified as well(a ca path maybe)？

Yes, thanks for the comment Yabin. I have added logic to handle custom certificate path. For completeness, I also added support for mutual TLS.

ethanyzhang

Thanks for the patch. There should also be tests for this as well.

ethanyzhang · 2026-04-13T05:26:16Z

+	}
+	if ok := rootCertPool.AppendCertsFromPEM(pem); !ok {
+		log.Error().Msg("failed to append CA certificate")
+		return nil, err


err here will be nil.

This is the path for !ok. The intent is to return an error if appending the certificate fails.

ethanyzhang · 2026-04-13T05:33:52Z

Please update the PR, commit messages should follow semantic commit message convention.

wanglinsong · 2026-04-13T21:24:14Z

We can simplify the PR by removing mTLS; pbench is not a typical mTLS use case.

g-saransh · 2026-04-13T22:29:23Z

@ethanyzhang I have updated the PR, addressing your comments. I also rebased and updated the commit message to follow semantic commit message convention.

g-saransh · 2026-04-13T22:30:22Z

We can simplify the PR by removing mTLS; pbench is not a typical mTLS use case.

I added mTLS for completeness. But if we feel it's not relevant here, I can remove it.

wanglinsong · 2026-04-13T23:08:07Z

We can simplify the PR by removing mTLS; pbench is not a typical mTLS use case.

I added mTLS for completeness. But if we feel it's not relevant here, I can remove it.

Yes, please. The hosts that run the pbench and pbench itself are not provisioned/built with client certificates.

- Update mysql.template.json with new TLS options - Handle custom TLS configuration - Add tests

g-saransh · 2026-04-14T00:58:05Z

We can simplify the PR by removing mTLS; pbench is not a typical mTLS use case.

I added mTLS for completeness. But if we feel it's not relevant here, I can remove it.

Yes, please. The hosts that run the pbench and pbench itself are not provisioned/built with client certificates.

Got it. Removed mutual TLS code. Thanks @wanglinsong.

g-saransh requested a review from ethanyzhang as a code owner March 31, 2026 01:00

wanglinsong requested a review from yabinma April 1, 2026 07:47

yabinma reviewed Apr 1, 2026

View reviewed changes

Comment thread utils/utils.go Outdated

yabinma reviewed Apr 1, 2026

View reviewed changes

Comment thread mysql.template.json Outdated

yabinma reviewed Apr 1, 2026

View reviewed changes

g-saransh force-pushed the mysql_tls branch from f25bfdf to 5d86119 Compare April 3, 2026 01:08

g-saransh requested a review from yabinma April 5, 2026 22:02

ethanyzhang requested changes Apr 13, 2026

View reviewed changes

ethanyzhang force-pushed the main branch from 21abdcf to c77b29f Compare April 13, 2026 19:14

ethanyzhang requested review from FelixYBW, wanglinsong, xpengahana and yhwang as code owners April 13, 2026 19:14

g-saransh force-pushed the mysql_tls branch 2 times, most recently from c4e5122 to 30dc9db Compare April 13, 2026 22:26

g-saransh requested a review from ethanyzhang April 13, 2026 22:30

feat: add tls verification to mysql dsn

1230238

- Update mysql.template.json with new TLS options - Handle custom TLS configuration - Add tests

g-saransh force-pushed the mysql_tls branch from 30dc9db to 1230238 Compare April 14, 2026 00:55

Conversation

g-saransh commented Mar 31, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Uh oh!

Uh oh!

yabinma Apr 1, 2026

Choose a reason for hiding this comment

Uh oh!

g-saransh Apr 3, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

ethanyzhang left a comment

Choose a reason for hiding this comment

Uh oh!

ethanyzhang Apr 13, 2026

Choose a reason for hiding this comment

Uh oh!

g-saransh Apr 13, 2026

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

ethanyzhang commented Apr 13, 2026

Uh oh!

wanglinsong commented Apr 13, 2026

Uh oh!

g-saransh commented Apr 13, 2026

Uh oh!

g-saransh commented Apr 13, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

wanglinsong commented Apr 13, 2026

Uh oh!

g-saransh commented Apr 14, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

g-saransh commented Mar 31, 2026 •

edited

Loading

g-saransh Apr 3, 2026 •

edited

Loading

g-saransh commented Apr 13, 2026 •

edited

Loading

g-saransh commented Apr 14, 2026 •

edited

Loading